$$.exe

The executable $$.exe has been detected as malware by 1 anti-virus scanner. While running, it connects to the Internet address ns55.hostinglotus.net on port 80 using the HTTP protocol.
MD5:
86a77dc56ba68a7394cbc1daeb8b08ed

SHA-1:
cd4fb97ae8456d1f9577c0e1e898939a4d899e65

SHA-256:
11dcb8067536d804dd8586284a060db9f7b706b2dfc55e50ac811fc47b3188f1

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/5/2024 1:06:04 PM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
Trojan.Agent.Bibin
16.12.18.4

File size:
121.7 KB (124,603 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\$$.exe

File PE Metadata
Compilation timestamp:
11/22/2012 5:16:59 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

Entry address:
0x1240

Entry point:
1B, F9, 88, CF, 68, 03, 9E, E0, 00, 1A, E9, 45, F7, C7, B5, E4, 30, A8, 81, FF, D8, 43, 00, 00, 75, 01, F2, 34, FE, 87, CF, EB, 02, 88, F2, 86, FD, 8D, 2D, 10, BE, D6, 5E, 29, D3, E8, 24, 00, 00, 00, 81, FD, D3, 45, 00, 00, 77, 05, 8A, E2, C6, C2, 92, B1, 07, 0B, C3, 0F, AF, C6, FE, CC, 81, F3, F5, DA, 00, 00, 0F, B6, C0, 0F, AF, D3, 89, E8, 81, FE, 65, EB, 57, 3C, 4B, 89, C3, 18, CF, 8D, 05, 61, 8E, 3A, D4, 0F, BE, D3, 81, E9, F0, 87, 00, 00, 71, 08, FF, CB, 8D, 1D, B5, B3, 9E, AD, BF, 00, 00, 00, 00, 88...
 
[+]

Entropy:
7.0668

Code size:
5 KB (5,120 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.internetdsl.pl  (217.97.216.17:80)

TCP (HTTP):
Connects to ns55.hostinglotus.net  (119.59.104.33:80)

TCP (HTTP):
Connects to li963-234.members.linode.com  (45.33.9.234:80)

TCP (HTTP):
Connects to cluster010.ovh.net  (213.186.33.19:80)

Remove $$.exe - Powered by Reason Core Security